Joseph Pacamarra

While scouting the Web for the latest threats, Trend Micro threat analysts stumbled upon FAKEAV variants riding on the impending eruption of the Mayon Volcano. Renowned for its “perfect cone” shape, the Mayon Volcano became one of the candidates for inclusion in the New 7 Wonders of Nature list. It is not surprising, therefore, that…

We have recently found a website that purportedly offers cracks for numerous applications, but in reality serves malicious files to its unknowing users. The website, hxxp://{BLOCKED}ck.com, is allegedly owned by an organization called China.United Telecom. Corp. The said website supposedly offers a wide collection of cracks for different applications. However, attempting to download any of…

While monitoring countless sites as part of our current Web threat strategy, we have stumbled upon a legitimate-looking prompt from MSN Live Messenger… or so it would appear (at first). As shown from the screen captures below, this prompt bears a close resemblance to the actual prompt being displayed by the MSN Live Messenger instant…

XSS (Cross-Site Scripting) Very Much Alive and Kicking We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveal that the sites involved some cross-site…

Research Project Manager Ivan Macalintal reported a few hours ago that another Thailand-based Web hosting site appears to have been compromised to serve malware. APAC-Regional TrendLabs Team immediately probed and analyzed the attack layout for the ill-fated www.ictbannok.com and we identified a tricky injection, which was prematurely implemented. Based on our analysis, the main site…